Smartcard Security Assessment Audit Report

of

Watchdata ProxKey Cryptographic Token

Mandated by

Controller of Certifying Authorities (CCA)

Authored By

March 13, 2023

Kochar Consultants Private Limited Smartcard Security Assessment 13/03/2023

The information in this document has been classified as

“Confidential”. This classification applies to the most
sensitive business information, which is intended strictly for
use within M/s Pagaria Advisory Private Limited and
Controller of Certifying Authorities (CCA). Its
unauthorized disclosure could seriously and adversely
impact the owner, its stakeholders, its business partners,
and/or its customers leading to legal and financial
repercussions and adverse public opinion.

Watchdata ProxKey Cryptographic Token Confidential Page 2

Kochar Consultants Private Limited Smartcard Security Assessment 13/03/2023

Document Information

Project Smartcard Security Assessment

Owner M/s Watchdata Technologies Pte Ltd, (OEM)
11, Coller Quay, #16-01, The Arcade, Singapore 049317.

M/s Pagaria Advisory Private Limited (Authorized Representative)

901-902, Mayuresh Square, Plot -17, Sector -15, CBD Belapur,
Navi Mumbai, Maharashtra, India – 400614.
Type Audit Report
Name Smartcard Security Assessment Audit Report
Version Version 1.0
Draft / Final Final

Author Information

Prepared By Ms. Prachi Jadhav

Approved By Mr. Kamlesh Kale
Company Kochar Consultants Private Limited
302, SwapnaBhoomi, A Wing,
S.K. Bole Road, Dadar (W), Mumbai 400028.
Tel: 24379537 / 24378212 / 24229490
[email protected]
Release Date 13/03/2023

Revision Controls

Action Date Revision Details

Created on 13/03/2023 Final Version 1.0
Reviewed on 13/03/2023
Revised On

Watchdata ProxKey Cryptographic Token Confidential Page 3

Kochar Consultants Private Limited Smartcard Security Assessment 13/03/2023

Table of Contents
1. BACKGROUND ...................................................................................................................................................................................... 5
2. SCOPE OF WORK.................................................................................................................................................................................. 5
3. SCOPE LIMITATIONS & ASSUMPTIONS ............................................................................................................................................. 7
4. AUDITOR INDEPENDENCE ................................................................................................................................................................... 8
5. CIRCULATION RESTRICTIONS ............................................................................................................................................................ 8
6. AUDIT DATE AND LOCATION .............................................................................................................................................................. 8
7. AUDITEE REPRESENTATIVES ............................................................................................................................................................. 9
8. AUDIT TEAM .......................................................................................................................................................................................... 9
9. LIST OF ACRONYMS AND ABBREVIATIONS ................................................................................................................................... 10
10. EXECUTIVE SUMMARY ....................................................................................................................................................................... 11
11. GENERAL SPECIFICATIONS .............................................................................................................................................................. 12
12. TECHNICAL SPECIFICATIONS ........................................................................................................................................................... 13
13. DETAILED SECURITY ASSESSMENT FINDINGS .............................................................................................................................. 14

Watchdata ProxKey Cryptographic Token Confidential Page 4

Kochar Consultants Private Limited Smartcard Security Assessment 13/03/2023

1. Background

The X.509 Certificate Policy for India PKI mandates that the private key of a subscriber should be stored in a Hardware Cryptographic Module /
token which has been validated to FIPS 140-1/2 Level 3 for class 2 and class 3 DSCs. CCA has released the guidelines defining the security
requirements for crypto devices used by the end users in performing digital signatures functions. The crypto device is referred as a PKI Smart card
or a PKI crypto token.

As per the guidelines, the Token Manufacturer (OEM) or representative organization (in the absence of OEM office in India) should engage a Cert-
in empanelled auditor to carry out Smartcard Security Assessment. Hence M/s Pagaria Advisory Private Limited has engaged the services of
Kochar Consultants Private Limited to perform this assessment vide appointment letter dated February 20, 2023.

2. Scope of Work
As per the “Security Requirements for Crypto Devices” Version 2.0 issued by CCA on November 14, 2022, we have carried out the security
assessment of the Watchdata ProxKey Cryptographic Module.

The assessment was conducted as per the broad scope defined in the above guidelines, which comprises of the following audit agenda:
 Functions Prior to User Authentication
 User Authentication
 Physical Security (CMVP)
 Cryptographic Algorithms (CAVP Certificate)

Watchdata ProxKey Cryptographic Token Confidential Page 5

Kochar Consultants Private Limited Smartcard Security Assessment 13/03/2023

 Key Entry
 Key Output
 Key Zeroization
 EMI / EMC
 Power Up Self-Tests
 Interface Specification
 Mitigation of Other Attacks
 Operating System Security
 Key Storage
 Key Zeroization
 Application Integrity
 Admin Password feature
 General requirements
 Audit Requirements

Watchdata ProxKey Cryptographic Token Confidential Page 6

Kochar Consultants Private Limited Smartcard Security Assessment 13/03/2023

3. Scope Limitations & Assumptions

 The audit has been conducted using dummy / testing certificates of the end users.

 Our audit observations have been registered at a point in time. It may change at a later date if the system parameters are changed.

 The responsibility for the design and implementation of the security controls including adequate disclosures is that of the management of the
OEM and that it is responsible for correcting control lapses, if any.

 The OEM and the Authorized representative are responsible for its assertion. Our responsibility is to express an opinion on their assertion
based on our audit / observations.

 The projection of any conclusions, based on our findings, to future periods is subject to the risk that:
 Changes made to the hardware, design, application or system or controls.
 Changes in processing requirements,
 Changes required because of the passage of time, or changes in business or regulator or guidelines
 Degree of compliance with the policies or procedures may alter the validity of such conclusions.
 Any future known / unknown vulnerability or malware attack, may have altered the validity of such conclusions

Watchdata ProxKey Cryptographic Token Confidential Page 7

Kochar Consultants Private Limited Smartcard Security Assessment 13/03/2023

4. Auditor Independence
We certify that none of the Officials / Directors of M/s Pagaria Advisory Private Limited is related with any of the Officials / Directors of Kochar
Consultants Private Limited Kochar Consultants Private Limited does not have any interest in the management of M/s Pagaria Advisory Private
Limited.

5. Circulation Restrictions
This report along with the annexures is meant for The Controller of Certifying Authorities (CCA) and M/s Pagaria Advisory Private Limited.
Further distribution of this report is at the sole discretion of the management of the respective organizations. The auditor is not liable for its use for
any other purpose or by any other person. The audit report is issued without any warranty or guarantee by the auditor and without any obligation
towards the auditor.

6. Audit Date and location

The review was conducted from March 02, 2023 to March 08, 2023 at:

M/s Pagaria Advisory Private Limited

901-902, Mayuresh Square, Plot -17,
Sector -15, CBD Belapur, Navi Mumbai,
Maharashtra, India - 400614

Watchdata ProxKey Cryptographic Token Confidential Page 8

Kochar Consultants Private Limited Smartcard Security Assessment 13/03/2023

7. Auditee Representatives
Name Organization Designation Contact
Ankush Pagaria Pagaria Advisory Private Limited Project Consultant [email protected]
Tushar Bhor Pagaria Advisory Private Limited Senior Manager Support [email protected]
Victor Watchdata Technologies Pte Ltd Managing Director (International Business) [email protected]

8. Audit Team
The audit team comprised of the following members:

Kamlesh Kale Prachi Jadhav

PGDBA, ADCL,CISA, CISM, CEH,CHFI,ISO 27001:2013 LA PGDBA, CEH, Security+, ISO 27001:2013 LA
Head – IT GRC | IS Audit | IT Security Tech Lead – IT Security

Kochar Consultants Private Limited

302, SwapnaBhoomi, A Wing,
S.K. Bole Road, Dadar (W),
Mumbai - 400028.
Tel: 24379537 / 24378212 / 24229490
[email protected]

Watchdata ProxKey Cryptographic Token Confidential Page 9

Kochar Consultants Private Limited Smartcard Security Assessment 13/03/2023

9. List of Acronyms and Abbreviations

API Application Programming Interface

CAVP Cryptographic Algorithm Validation Program
CCA Controller of Certifying Authorities
DES Data Encryption Standard
DEMA Differential Electromagnetic Analysis
DPA Differential Power Analysis
EMC Electromagnetic Compatibility
EMI Electromagnetic Interference
FIPS Federal Information Processing Standard (United States Standards)
PP Protection Profile
SCP Secure Channel Protocol
SPA Simple Power Analysis
ST Security Target

Watchdata ProxKey Cryptographic Token Confidential Page 10

Kochar Consultants Private Limited Smartcard Security Assessment 13/03/2023

10. Executive Summary

Sr. Assessment Area Compliant Status

1. Functions Prior to User Authentication Yes
2. User Authentication Yes
3. Physical Security Yes
4. Cryptographic Algorithms Yes
5. Key Entry Yes
6. Key Output Yes
7. Key Zeroization Yes
8. Electromagnetic Interference/Electromagnetic Compatibility (EMI/EMC) Yes
9. Power Up Self-Tests Yes
10. Interface Specification Yes
11. Key Management Document Yes
12. Mitigation of Other Attacks Yes
13. Operating System Security Yes
14. Key Storage Yes
15. Key Zeroization Yes
16. Application Integrity Yes
17. Admin Password feature Yes
18. General Requirements Yes
19. Audit Requirements Yes

Watchdata ProxKey Cryptographic Token Confidential Page 11

Kochar Consultants Private Limited Smartcard Security Assessment 13/03/2023

11. General Specifications

Original Equipment Manufacturer (OEM) M/s Watchdata Technologies Pte Ltd,

11, Coller Quay, #16-01, The Arcade,
Singapore 049317.

Authorized Representatives in India M/s Pagaria Advisory Private Limited

901-902, Mayuresh Square, Plot -17, Sector -15,
CBD Belapur, Navi Mumbai, Maharashtra, India – 400614.
Email: [email protected] | Mobile: +91 9323251252

Watchdata ProxKey Cryptographic Token Confidential Page 12

Kochar Consultants Private Limited Smartcard Security Assessment 13/03/2023

12. Technical Specifications

Module Name WatchKey ProX USB Token Cryptographic Module

Standard FIPS 140-2 Level 3 certified vide Certificate No. 4159 dated February 17, 2022.
https://csrc.nist.gov/projects/cryptographic-module-validation-program/Certificate/4159

Hardware Version Smart Card Chip AS518 and K023314A

Firmware Version 36410102 as per FIPS 140-2 audit compliance report

Security Policy Watchdata ProxKey FIPS 140-2 Non-Proprietary Security Policy Policy Version 1.0.4
https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-
program/documents/security-policies/140sp4159.pdf
Reference Documents / Tools Watchdata ProxKey FIPS 140-2 Non-Proprietary Security Policy Policy Version 1.0.4
Watchdata ProxKey FIPS 140-2 Key Management version 1.0 dated 15/05/2018
CSP Version: PROXKey CSP India V3.0 & above
Supported Driver: Windows Driver Version : 6.0.0 & Above & 5.0.0 For Ubuntu , Linux & MAC

Sample Token used for

Testing and verification

Watchdata ProxKey Cryptographic Token Confidential Page 13

Kochar Consultants Private Limited Smartcard Security Assessment 13/03/2023

13. Detailed Security Assessment Findings

Compliant /
Sr. Audit Criteria Audit Observations & Recommendations Non-
Compliant
1. Functions Prior to User Authentication Compliant
The functions that can be performed before user
authentication shall:
a) be limited to access and use of public information such as Before user authentication, the user is only able to access
examination of public key certificates; and and see the token system information and public key
certificate details. Access to the certificate details is
available only after user authentication.
b) Shall not include any access or operation involving Private key cannot be used without user authentication.
private or secret key operations.
2. User Authentication: Compliant
User Authentication mechanism shall meet the following
requirements:
a) Authentication mechanism shall be such that a random Requirements are fully addressed by FIPS 140-2. Thus,
guess has less than 1 in 1,000,000 probability of success. no additional analysis has been performed.
As per Security Policy
The probability of a successful random attempt is 1/626,
which is less than 1/1,000,000. Assuming 10 attempts per
second via a scripted or automatic attack, the probability
of a success with multiple attempts in a one minute period
is 600/626, which is less than 1/100,000.
b) Authentication mechanism shall be such that multiple Requirements are fully addressed by FIPS 140-2. Thus,
random guesses in any one minute interval shall have no additional analysis has been performed.

Watchdata ProxKey Cryptographic Token Confidential Page 14

Kochar Consultants Private Limited Smartcard Security Assessment 13/03/2023

less than 1 in 100,000 probability of success.

As per Security Policy
The probability of a successful random attempt is 1/626,
which is less than 1/1,000,000. Assuming 10 attempts per
second via a scripted or automatic attack, the probability
of a success with multiple attempts in a one minute period
is 600/626, which is less than 1/100,000.
c) Authentication information stored on the crypto device in Requirements are fully addressed by FIPS 140-2. Thus,
any form (e.g., plaintext, cryptographic hash, encrypted) no additional analysis has been performed.
shall be protected from unauthorized access or
modification in order to protect from offline dictionary
attack.
d) In order to prevent unauthorized access, the mechanism We have verified that access to the token or the file
should also have provision to disable access to the file system of the token is denied after 10 unsuccessful pin
system of PKI Crypto device / Crypto token after pre- authentication attempts.
defined unsuccessful attempts of user authentication. The
maximum number of such attempts shall not be more
than 10.
3. Physical Security: Compliant
Physical security mechanism shall meet the following
requirements:
a) The crypto device shall be designed to either detect Requirements are fully addressed by FIPS 140-2.
physical tampering or to zeroize upon physical tampering.
Physical tamper detection can be implemented on the As per Security policy
chip or the crypto device. The module is a multiple-chip standalone module and
conforms to Level 3 requirements for physical security.
The module is composed of production-grade
components with standard passivation (a sealing coat
applied over the chip circuitry to protect it against
environmental and other physical damage) and is housed

Watchdata ProxKey Cryptographic Token Confidential Page 15

Kochar Consultants Private Limited Smartcard Security Assessment 13/03/2023

in a sealed, hard plastic enclosure that has no openings,

vents or doors. It cannot be opened without damage.

b) The crypto device shall successfully undergo the process Requirements are fully addressed by FIPS 140-2. Thus,
of Cryptographic Module Validation Program (CMVP) of no additional analysis has been performed.
FIPS 140-2, Security Requirements for Cryptographic
Modules. These Security requirements cover different The certification details are available on
areas related to the design and implementation of a https://csrc.nist.gov/projects/cryptographic-module-
cryptographic module. A copy of such validation validation-program/Certificate/4159
certificate shall be submitted by the crypto device vendor
for each device.
4. Cryptographic Algorithms: Compliant
a) The crypto device shall successfully undergo FIPS The Watchdata ProxKey USB Token has successfully
Cryptographic Algorithm Validation Program (CAVP) for undergo FIPS Cryptographic Algorithm Validation
each FIPS algorithm claimed to be implemented. Program (CAVP) for the following list of FIPS-Approved
algorithms when operated in FIPS-mode.

Algorithm Algorithm
Cert #
AES 3196
CMAC (AES) 3196
DRBG 673
ECDSA Key Generation
ECDSA Public Key Validation
585
ECDSA Signature Generation
ECDSA Signature Verification
RSA Key Generation
RSA (PKCS#1 1.5) Signature
1630
Generation
RSA (PKCS#1 1.5) Signature
Verification

Watchdata ProxKey Cryptographic Token Confidential Page 16

Kochar Consultants Private Limited Smartcard Security Assessment 13/03/2023

SHA‐1, SHA‐256, SHA‐384, SHA‐512 2647

(byte only)
Triple‐DES 2100

The certification details are available on

https://csrc.nist.gov/projects/cryptographic-module-
validation-program/Certificate/4159
b) If the crypto device generates keys for a FIPS algorithm, FIPS approved security functions used specifically are:
the crypto device shall also successfully undergo FIPS
CAVP for key generation for that algorithm.  DRBG Deterministic Random Bit Generator
based on SP 800-90A for random number
generation and asymmetric key generation. - vide
certificate Cert. #673
 AES (Advanced Encryption Standard algorithm). -
vide certificate Cert. #3196
 RSA based on PKCS#1 and is CAVP validated
for 2048 bit key length - vide certificate Cert.
#1630
 ECDSA (Elliptic Curve Digital Signature
Algorithm): signature generation, verification and
key pair generation. It is CAVP validated for the
NIST defined P-192, P-256, - vide certificate Cert.
#585.
 SHA‐256, - Secure hash algorithm vide certificate
Cert. #2647
 Triple‐DES 3 Key (Triple Data Encryption
Algorithm) based on SP 800-67- vide certificate
Cert. #1822
c) The crypto device shall support either ECC or RSA or The Watchdata ProxKey supports RSA Public and Private
both as per the key length specified in the IOG issued by key pair with 2048 bits modulus size and SHA-256,
CCA SHA-384 or SHA-512 Algorithm.

Watchdata ProxKey Cryptographic Token Confidential Page 17

Kochar Consultants Private Limited Smartcard Security Assessment 13/03/2023

It also supports ECDSA Public and Private key pair

according to NIST defined P-256 curves

Hence the Watchdata ProxKey supports the key length

(2048 bit) specified in the IOG issued by CCA
5. Key Entry: Compliant
The crypto device shall only import keys into crypto device in
Key is only imported into Crypto device. No export is
encrypted form. The encryption mechanism and key
possible of any key, except public keys.
encrypting keys shall be at least as strong as the key being
imported. SHA256 with RSA encryption.
Key length is 2048 bits

6. Key Output: Compliant

The crypto device shall be pre-configured to make private On a verification of sample tokens, we have observed that
keys to be non-exportable in any form. the export of private key has been disabled.

Security Policy submitted for FIPS 140-2 compliance, all

keys outputs (exports) – Never exits the module except
RSA and ECDSA public keys.
7. Key Zeroization: Compliant
The crypto device shall provide a mechanism to zeroize the Requirements are fully addressed by FIPS 140-2. Thus,
card by zeroizing all keys, passwords, PINs, seeds, etc., held no additional analysis has been performed.
on the crypto device. Security Policy submitted for FIPS 140-2 compliance, all
keys can be zeroised or erased by APDU command.
As per Security Policy –
The zeroization is performed by filling the memory area

Watchdata ProxKey Cryptographic Token Confidential Page 18

Kochar Consultants Private Limited Smartcard Security Assessment 13/03/2023

with “FF”. It is performed immediately after the zeroization

APDU commands are called.

8. Electromagnetic Interference/Electromagnetic Compatibility (EMI / EMC): Compliant

a) The crypto device shall conform to the EMI/EMC Requirements are fully addressed by FIPS 140-2. Thus,
requirements specified by United States 47 Code of no additional analysis has been performed.
Federal Regulations, Part 15, Subpart B, Unintentional
Radiators, Digital Devices, Class A(i.e., for business use) As per Security Policy:
The module meets the requirements of 47 CFR PART 15
regulation & ANSI C63.4 and ICES003 for the evaluation
of Class B of electromagnetic compatibility. This device
complies with Part 15 of FCC Class B rules for home or
office use, with FCC ID: Y97-PROXKEY001.

9. Power Up Self-Tests: Compliant

a) The crypto device shall undergo self-tests during power- Requirements are fully addressed by FIPS 140-2. Thus,
up to ensure that the underlying hardware is operating no additional analysis has been performed.
correctly.
As per Security Policy –

The Watchdata ProxKey implements a number of self-

tests to ensure that proper cryptographic algorithm
calculations are implemented in the module. Self-tests
include power-up self-tests and conditional tests.
10. Interface Specification: Compliant
a) The product documentation shall describe all interfaces to OEM has a detailed API technical manual covering all
the cryptographic module, including Application interfaces.
Programming Interfaces (APIs).
The Watchdata ProxKey FIPS 140-2 Non-Proprietary

Watchdata ProxKey Cryptographic Token Confidential Page 19

Kochar Consultants Private Limited Smartcard Security Assessment 13/03/2023

Security Policy Policy Version 1.0.4 document describes

all the interfaces to the cryptographic modules.
b) The API shall describe each interface in full detail Described in the Watchdata ProxKey FIPS 140-2 Non-
including, function call, description of the function, inputs, Proprietary Security Policy Policy Version 1.0.4
outputs, errors and exceptions, and side effects. document.
c) For FIPS 140-2 evaluated products, it is possible that a Security Policy covers functions available under each
well-written and complete security policy covers the role. The Token supports two types of roles: User Role
functional specification under the services and functions and Security Officer Role.
available to each role
All services that required authentication provided by
Token are listed in Table 7 of the security policy

d) For FIPS 140-2 validated products that are not have There is no formal ADV_FSP.4 assurance. But, OEM has
ADV_FSP.4 or higher security assurance requirement, provided the complete functional specification.
the vendor should be required to provide a complete
functional specification
11. Key Management Document: Compliant
The documentation shall describe types of internal and user The Watchdata ProxKey FIPS 140-2 Non-Proprietary
keys and their life-cycle and states in terms of the following: Security Policy Policy Version 1.0.4 and “Key
Management” Version 1.0 dated 17/02/2022 has been
used as a reference to verify the required details.
a) Algorithm and mode for the key and the key size List of approved algorithms which the module can
implement, mode for the key and the key size is
documented.
b) Whether the key is generated onboard on the crypto The RSA\ECC Private and Public Key are generated by
device or imported the module with the FIPS 186-4 RSA Key Generation
method.

The documentation describes whether the key is

Watchdata ProxKey Cryptographic Token Confidential Page 20

Kochar Consultants Private Limited Smartcard Security Assessment 13/03/2023

generated onboard on the crypto device or imported

c) Whether the key can be output The documentation describes about the data output is
inhibited during key generation, self-tests, zeroization,
and error states.
d) How the key can be destroyed / zeroized The key management section in the security describes
destruction methods of the keys in their applicative phase.

e) Functions / purposes the key is used for Described in the Platform Critical Security Parameters
Section 4 of the Security Policy
12. Mitigation of Other Attacks: Compliant
Mitigation of attacks takes place by following below
procedure:
The documentation shall describe which, if any, side The Mitigation Attacks version 1.0 document describes
channels are mitigated by the crypto device design. the attacks that are mitigated by the device design
Examples of side channel attacks are Simple Power Analysis
(SPA), Differential Power Analysis (DPA), Timing Analysis,
The document describes that module implements
and Fault Injection.
defenses against:
 Hardware Mitigation Attack Mechanism
 Software Mitigation Attack Mechanism
o Side channel analysis (Timing Analysis,
SPA/DPA, Simple/Differential
Electromagnetic Analysis)
o Fault Injection
The documentation shall describe how each attack is The Mitigation Attacks version 1.0 document describes
mitigated and what testing has been conducted to prove the how each attacks are mitigated.
effectiveness of mitigation.
The document describes that module implements

Watchdata ProxKey Cryptographic Token Confidential Page 21

Kochar Consultants Private Limited Smartcard Security Assessment 13/03/2023

defenses against:
 Hardware Mitigation Attack Mechanism
 Software Mitigation Attack Mechanism
o Side channel analysis (Timing Analysis,
SPA/DPA, Simple/Differential
Electromagnetic Analysis)
o Fault Injection
13. Operating System Security: Compliant
If application software such as applets can be loaded on the
crypto device, the following requirements shall be met:
a) Self-Protection: The operating system shall be designed Requirements are fully addressed by FIPS 140-2. Thus,
to protect itself from external interference and tampering, no additional analysis has been performed.
including attack from applications.
b) Non-Bypassable: The security enforcing functions of the Requirements are fully addressed by FIPS 140-2. Thus,
operating system shall not be bypassable. no additional analysis has been performed.
c) Domain Isolation: The operating system shall provide Requirements are fully addressed by FIPS 140-2. Thus,
each application an execution domain that cannot be no additional analysis has been performed.
interfered with.

d) Identification & Authentication: The operating system Requirements are fully addressed by FIPS 140-2. Thus,
shall provide mechanism for users and applications to no additional analysis has been performed.
authenticate to the operating system for access control
purposes. The operating system shall protect the
authentication mechanism and 9 authentication
databases (e.g., plaintext or encrypted forms of
passwords and PINs) as part of self-protection.

e) Access Control: The operating system shall enforce an Requirements are fully addressed by FIPS 140-2. Thus,
access control policy in terms of applications being able no additional analysis has been performed.

Watchdata ProxKey Cryptographic Token Confidential Page 22

Kochar Consultants Private Limited Smartcard Security Assessment 13/03/2023

to access data and other applications.

f) Residual Information Protection: The operating system Requirements are fully addressed by FIPS 140-2. Thus,
shall ensure that the previous information contents are no additional analysis has been performed.
unavailable when a resource (e.g., memory) is allocated.

14. Key Storage: Compliant

a) The crypto device should store private and secret keys in As per the security policy, Watchdata ProxKey stores the
encrypted form. keys in the memory embedded in the Smart Card chip.
Data stored in the memory is protected by the secure
design of the Smart Card chip and the enclosure of the
module.

Private and secret keys are stored in encrypted form.

Decryption requires user PIN or password.

b) Decryption shall require entry of password or PIN. In Only if the PIN Authentication is successful the private
other words, password or PIN shall be used to derive the key of the user shall be decrypted and available for use.
key encrypting key.
For both user PIN and Security Officer’s PIN, the PIN is
This is not a requirement for FIPS 140-2. Thus, this will hashed and truncated; and then encrypted using KEK to
require additional testing. Note that it is critical that the store in the module.
crypto device does not have information stored in the
crypto device that can be used to decrypt the key; it
should require some user entered information to
reconstitute the key decrypting key. This approach
provides added protection against physically hacking the
crypto device.

Watchdata ProxKey Cryptographic Token Confidential Page 23

Kochar Consultants Private Limited Smartcard Security Assessment 13/03/2023

15. Key Zeroization: Compliant

The crypto device should provide a mechanism to zeroize a
Security Policy submitted for FIPS 140-2 compliance, all
specific key.
keys can be zeroised or erased by APDU command. The
zeroization is performed by filling the memory area with
“FF”
16. Application Integrity: Compliant
For the software (e.g., Applet) being loaded, the operating Requirements are fully addressed by FIPS 140-2. Thus,
system should verify integrity, source, and source no additional analysis has been performed.
authorization using cryptographic means such as digital As per Security Policy the Token uses CRC-16 for the
signature verification or HMAC verification. integrity test of its firmware. Cyclic Redundancy Check
(CRC) is an error detecting code to calculate a check
value that is based on the remainder of a polynomial
division of the input content. CRC-16 means the
polynomial length is 17 bits. When the module is power-
up, the module will generate the check value of the
memory that stores the executing code and compare with
the existing value stores in the FLASH memory. If the
values do not match, the integrity test fails and the
module enters the error state.

17. Admin Password feature: Compliant

The crypto device should have an Admin Password feature
for certain operational reasons. But should meet the following
criteria:
a) The OEM or authorized representative of the crypto Tokens do not have any option to reset the user pin of the
device shall offer the crypto devices for issuance of DSC token by any means. Every token has a unique serial
by CAs without having a PIN reset option by any means. number which is embedded in the token file structure and
Such crypto devices shall have new unique Serial also engraved on the shell.
Number series. The serial number should start with the
first two letters representing OEM. The serial number starts with letter ‘WD’ which represent
the name of OEM ‘Watchdata’

Watchdata ProxKey Cryptographic Token Confidential Page 24

Kochar Consultants Private Limited Smartcard Security Assessment 13/03/2023

b) The resetting PIN of the crypto token holding a valid As per the IVG Guidelines , The CA shall provide key
encryption certificate issued before 01.01.2022 shall be escrow facility, where key pair is securely stored and
carried only after the authentication of the subscriber by managed by CA. The key shall be retrievable again by the
CA. The resetting password of the crypto device having DSC applicant at any point of time, even after expiry of
an encryption certificate shall be carried out only by the the certificate. This shall be retained by CA for minimum
Token Manufacturer or authorized representative of 7 years from the expiry of the certificate. CA shall allow
organization (in the absence of the OEM office in India). the download of the escrowed key only after a successful
video verification of the applicant' . For Reset of user
password for token having encryption certificate, the
subscriber will need to initialize the token and retrieve the
encryption key from the CA repository. In cases where the
period lapsed is more than 7 years from the
expiration date of the encryption certificate, the user will
need to submit the token physically to the OEM for
password reset after proper authentication of KYC of the
subscriber.
Admin password is used to perform various admin
functions such as unblock user pin, all options of security
officer, restore default application, initialize application,
initialize module, create application, import key, update
key, data encrypt/decrypt, set life cycle, set serial number
and inquire initial config information. These are as per the
security Policy submitted for FIPS 140-2 compliance.
18. General Requirements Compliant
a) Unique Serial Number shall be generated by the A Unique serial number is generated by the Cryptographic
Cryptographic Hardware manufacturer for each Token. Hardware manufacturer for each Token. The number is
Such Unique Serial Number should be stored inside the stored within the token file system and is also engraved
token file system and also engraved on the token shell. on the token shell.
b) The Cryptographic Hardware manufacturer shall provide The Watchdata Client User Tool (v6.0.0) shall be provided
necessary libraries to the CAs to read the make, model & to the CA’s to read the make, model & Unique Serial

Watchdata ProxKey Cryptographic Token Confidential Page 25

Kochar Consultants Private Limited Smartcard Security Assessment 13/03/2023

Unique Serial Number from the token file system and Number from the token file system and record the same
record the same while generating key pair or while while generating key pair or while downloading the DSC
downloading the DSC into the token. into the token.
Libraries / API can be provided to CAs to read the token
make, model and unique serial number from the token file
system and CAs can record the same.
c) The Crypto Devices should have product-specific Token product specific interface in the form of middleware
interface software and should be made available for are available for the following operating systems
various versions of Windows, Mac, iOS, Linux, and  Windows
Android by Manufacturers and Suppliers.  Apple MAC operating System
 Redhat Linux
 Ubuntu Linux
 Android

However, as per clarification from OEM, Tokens are not

compatible with IOS due to lack of direct external power
source availability from the host IOS device which is
required by the token & security permission on the device
and Appstore.
d) The crypto device vendors should make available a single A single webpage - https://support.cryptoplanet.in is
web page containing all the details of the Crypto Device maintained by authorized Indian representative of the
and the same shall be shared with CAs. The details OEM which has an option to raise support ticket, product
should be downloadable from the same site where the specific middleware for different operating system,
page is hosted. product technical brochure and user manual.
e) To ensure transparency on the certification & security The token has OEM name ‘Watchdata’ permanently
aspects, the brand name of the Token should bear the printed on one side & Brand Name ‘ProxKey’ on the other
name of the OEM as mentioned in its module validation side.
report (FIPS). The firmware name & version should match
its module validation report (FIPS). The software
embedded in the crypto devices should be of the same The Firmware name & version is ‘36410102’ and the

Watchdata ProxKey Cryptographic Token Confidential Page 26

Kochar Consultants Private Limited Smartcard Security Assessment 13/03/2023

OEM. The certified product should be verifiable physically same is matching with FIPS certificate.
as well as electronically using software tools
The software embedded in the crypto device is from
‘Watchdata’ - OEM
The token middleware software electronically displays the
parameters like OEM Name, FIPS Validation Level &
Validation No.
f)Other than OEM offering, the customization of tokens and Tokens are only offered as standard OEM offering.
custom branding is not allowed. The OEM interface
software should allow the co-existence of other crypto
OEM interfaces in the user’s system The OEM software does not interfere with functioning of
other OEM Crypto Token devices on User’s System.
Same has been verified by installing simultaneously using
the ProxKey Token with other OEM brand tokens on the
same system.
g) Crypto Device having Historical FIPS certificate status, FIPS Status is ACTIVE as per the FIPS Portal-
relied on this document, to be discontinued by CAs from https://csrc.nist.gov/projects/cryptographic-module-
1st April 2023 onwards validation-program/certificate/4159
19. Audit Requirements Compliant
a) For the compliance audit, the security requirements The Token offering are in compliance with the underlying
mentioned in this document refer to the underlying FIPS certification on the following aspects including
certification (FIPS) of the crypto device, for cross-
verification. The overall security requirements mentioned
in this document should refer to FIPS where the a. Smart Card Chip AS518 and K023314A
certification of both hardware and firmware is covered
under the same OEM & version. b. Auto Run in the form of SPI Flash forms part of the
hardware block diagram validated in the FIPS
security policy (Figure No 2)

c. Firmware Version : 36410102 is as per the FIPS

security policy

Watchdata ProxKey Cryptographic Token Confidential Page 27

Kochar Consultants Private Limited Smartcard Security Assessment 13/03/2023

Combination of Hardware Chip, Design & Firmware are

covered under the same OEM i.e. Watchdata in the FIPS
certificate no 4159
b) Token Manufacturer (OEM) or representative
organization (in the absence of OEM office in India) Auditor M/s Kochar Consultants Private Limited is CERT-
should engage a Cert-in empanelled auditor to carry out In empanelled vide Reg No. 3(15)/2004-CERT-In (Vol.
Smartcard Security Assessment. If the representative XIII) dt 08/01/2021 and valid until till 31/10/2023.
organization to engage an auditor, then an authorization
certificate from the OEM for appointing an auditor should Authorization letter from OEM ‘Watchdata’ is obtained in
be submitted to CA along with audit report. favor of authorized representative ‘Pagaria Advisory
Private Limited’ dated 20th February 2023.

Watchdata ProxKey Cryptographic Token Confidential Page 28

To,
M/s Pagaria Advisory Private Limited
901-902, Mayuresh Square, Plot -17, Sector -15,
CBD Belapur, Navi Mumbai, Maharashtra, India – 400614

Dear Sir,

Sub: Smartcard Security Assessment of Watchdata ProxKey Cryptographic Module

We refer to your appointment letter dated February 20, 2023, for security assessment of your Watchdata
ProxKey Cryptographic Module against Guidelines for Security Requirements for Crypto Device version
2.0, issued by CCA on 14/11/2022.

The OEM Watchdata has authorized its Authorized Representative in India, M/s Pagaria Advisory Private
Limited to engage an CERT-In empanelled auditor and get the required assessment done vide their letter
dated February 20, 2023.

M/s Pagaria Advisory Private Limited on behalf of OEM Watchdata is responsible for its assertion. Our
responsibility is to express an opinion on management’s assertion based on our audit.

We have carried out the assessment and validated the assertions by M/s Pagaria Advisory Private
Limited on behalf of OEM Watchdata against the Guidelines for Security Requirements for Crypto Device
version 2.0, issued by CCA. In our opinion, except for the non-compliances summarized in this report the
Authorized Representatives assertion is fairly stated, in all material respects, in accordance with the said
Guidelines, during the period for which the audit was done.

The projection of any conclusions, based on our findings, to future periods is subject to the risk that:
 Changes made to the hardware, design, application or system or controls.
 Changes in processing requirements,
 Changes required because of the passage of time, or changes in business or regulator or guidelines
 Degree of compliance with the policies or procedures may alter the validity of such conclusions.
 Any future known / unknown vulnerability or malware attack, may have altered the validity of such
conclusions

This report along with the annexures is meant for The Controller of Certifying Authorities (CCA) and
M/s Pagaria Advisory Private Limited. Further distribution of this report is at the sole discretion of the
management of the respective organizations. The auditor is not liable for its use for any other purpose or
by any other person. The audit report is issued without any warranty or guarantee by the auditor and
without any obligation towards the auditor.

For Kochar Consultants Private Limited

Kamlesh
Digitally signed by Kamlesh Baburao Kale
DN: c=IN, o=Personal,
2.5.4.20=1f9586a8b90286714bbc72dd3f4dda644a206c3d3cb
67af9012dc45f777de43c, postalCode=400081,

Baburao Kale
st=Maharashtra,
serialNumber=510eb3e60d1a87ac8793913811676308583cb
b8cbf0f25fa6c27521582a9bf14, cn=Kamlesh Baburao Kale
Date: 2023.03.13 12:26:41 +05'30'
Kamlesh Kale
PGDBA, ADCL, CISA, CISM, CHFI. CEH. ISO 27001:2013 LA
Head IT GRC | IT Security
CISA Certificate No: 20163284

Place: Mumbai.
Date: 13/03/2023

Encl: Smartcard Security Assessment of Watchdata ProxKey Cryptographic Module Audit Report Ver. 1.0